From: Timo Sirainen <tss@iki.fi>
Date: Sat, 21 Sep 2013 22:40:11 +0000 (+0300)
Subject: *-login: Added %{orig_user}, %{orig_username} and %{orig_domain} variables.
X-Git-Tag: 2.2.6~22
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=c7eb1ffb7c73cb5d9c1316bbecd02947441a40d4;p=thirdparty%2Fdovecot%2Fcore.git

*-login: Added %{orig_user}, %{orig_username} and %{orig_domain} variables.
The original username is what the client sent to server before any
translations.
---

diff --git a/src/auth/auth-request-handler.c b/src/auth/auth-request-handler.c
index 98717f944d..19b8624a2f 100644
--- a/src/auth/auth-request-handler.c
+++ b/src/auth/auth-request-handler.c
@@ -173,6 +173,11 @@ auth_str_append_extra_fields(struct auth_request *request, string_t *dest)
 	auth_fields_append(request->extra_fields, dest,
 			   AUTH_FIELD_FLAG_HIDDEN, 0);
 
+	if (strcmp(request->original_username, request->user) != 0) {
+		auth_str_add_keyvalue(dest, "original_user",
+				      request->original_username);
+	}
+
 	if (!request->auth_only &&
 	    auth_fields_exists(request->extra_fields, "proxy")) {
 		/* we're proxying */
diff --git a/src/login-common/client-common.c b/src/login-common/client-common.c
index b633b12674..ce6e9f7967 100644
--- a/src/login-common/client-common.c
+++ b/src/login-common/client-common.c
@@ -272,6 +272,7 @@ bool client_unref(struct client **_client)
 	i_free(client->proxy_user);
 	i_free(client->proxy_master_user);
 	i_free(client->virtual_user);
+	i_free(client->virtual_user_orig);
 	i_free(client->auth_mech_name);
 	i_free(client->master_data_prefix);
 	pool_unref(&client->pool);
@@ -453,6 +454,7 @@ static struct var_expand_table login_var_expand_empty_tab[] = {
 	{ 'u', NULL, "user" },
 	{ 'n', NULL, "username" },
 	{ 'd', NULL, "domain" },
+
 	{ 's', NULL, "service" },
 	{ 'h', NULL, "home" },
 	{ 'l', NULL, "lip" },
@@ -469,6 +471,9 @@ static struct var_expand_table login_var_expand_empty_tab[] = {
 	{ '\0', NULL, "real_rip" },
 	{ '\0', NULL, "real_lport" },
 	{ '\0', NULL, "real_rport" },
+	{ '\0', NULL, "orig_user" },
+	{ '\0', NULL, "orig_username" },
+	{ '\0', NULL, "orig_domain" },
 	{ '\0', NULL, NULL }
 };
 
@@ -522,6 +527,19 @@ get_var_expand_table(struct client *client)
 	tab[16].value = net_ip2addr(&client->real_remote_ip);
 	tab[17].value = dec2str(client->real_local_port);
 	tab[18].value = dec2str(client->real_remote_port);
+	if (client->virtual_user_orig == NULL) {
+		tab[19].value = tab[0].value;
+		tab[20].value = tab[1].value;
+		tab[21].value = tab[2].value;
+	} else {
+		tab[19].value = client->virtual_user_orig;
+		tab[20].value = t_strcut(client->virtual_user_orig, '@');
+		tab[21].value = strchr(client->virtual_user_orig, '@');
+		if (tab[21].value != NULL) tab[21].value++;
+
+		for (i = 0; i < 3; i++)
+			tab[i].value = str_sanitize(tab[i].value, 80);
+	}
 	return tab;
 }
 
diff --git a/src/login-common/client-common.h b/src/login-common/client-common.h
index e2a64468e4..49def5c753 100644
--- a/src/login-common/client-common.h
+++ b/src/login-common/client-common.h
@@ -141,7 +141,7 @@ struct client {
 	unsigned int auth_attempts, auth_successes;
 	pid_t mail_pid;
 
-	char *virtual_user;
+	char *virtual_user, *virtual_user_orig;
 	unsigned int destroyed:1;
 	unsigned int input_blocked:1;
 	unsigned int login_success:1;
diff --git a/src/login-common/sasl-server.c b/src/login-common/sasl-server.c
index 3fbc56093f..a90141d277 100644
--- a/src/login-common/sasl-server.c
+++ b/src/login-common/sasl-server.c
@@ -239,7 +239,11 @@ authenticate_callback(struct auth_client_request *request,
 		for (i = 0; args[i] != NULL; i++) {
 			if (strncmp(args[i], "user=", 5) == 0) {
 				i_free(client->virtual_user);
+				i_free_and_null(client->virtual_user_orig);
 				client->virtual_user = i_strdup(args[i] + 5);
+			} else if (strncmp(args[i], "original_user=", 14) == 0) {
+				i_free(client->virtual_user_orig);
+				client->virtual_user_orig = i_strdup(args[i] + 14);
 			} else if (strcmp(args[i], "nologin") == 0 ||
 				   strcmp(args[i], "proxy") == 0) {
 				/* user can't login */
@@ -271,8 +275,13 @@ authenticate_callback(struct auth_client_request *request,
 			for (i = 0; args[i] != NULL; i++) {
 				if (strncmp(args[i], "user=", 5) == 0) {
 					i_free(client->virtual_user);
+					i_free_and_null(client->virtual_user_orig);
 					client->virtual_user =
 						i_strdup(args[i] + 5);
+				} else if (strncmp(args[i], "original_user=", 14) == 0) {
+					i_free(client->virtual_user_orig);
+					client->virtual_user_orig =
+						i_strdup(args[i] + 14);
 				}
 			}
 		}